SOLID-STATE MEMORY-BASED GENERATION AND HANDLING OF SECURITY AUTHENTICATION TOKENS

US 20080155271A1
Filed: 12/21/2006
Published: 06/26/2008
Est. Priority Date: 12/21/2006
Status: Active Grant

First Claim

Patent Images

1. A machine implemented system that facilitates secure token generation and transmission capabilities in a mobile device, comprising:

at least one software application that comprises at least one secure token assigned to a specific user; and

a security processor that communicates with the at least one software application to manage generation, authentication, and transmission of the at least one secure token.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An architecture is presented that facilitates secure token generation and transmission capabilities in a mobile device. The system comprises at least one software application that includes a secure token assigned to a specific user and a memory module that communicates with an external processor. A security processor, non-volatile memory component and volatile memory component are integrated to form the memory module that communicates with the external processor. The memory module creates a secure execution environment for the execution of application agents associated with the software application and the secure token. The security processor of the system communicates with the software application and external processor to manage generation, authentication, confidentiality, and transmission of the secure token. And, the non-volatile memory allows the introduction of new tokens and the removal of old tokens.

Citations

20 Claims

1. A machine implemented system that facilitates secure token generation and transmission capabilities in a mobile device, comprising:
- at least one software application that comprises at least one secure token assigned to a specific user; and
  
  a security processor that communicates with the at least one software application to manage generation, authentication, and transmission of the at least one secure token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, further comprising at least one non-volatile memory component that communicates with the security processor and at least one volatile memory component that communicates with an external processor.
  - 3. The system of claim 2, wherein the security processor, the at least one non-volatile memory component and the at least one volatile memory component are integrated to form a memory module that communicates with the external processor, the memory module creates a secure execution environment for the execution of application agents associated with the at least one software application and the at least one secure token.
  - 4. The system of claim 3, wherein the non-volatile memory component is divided into multiple partitions of varying sizes and access rights, such that the at least one software application is stored in a first partition, the application agents of the at least one software application are stored in a second partition, and the at least one secure token is stored in a third partition.
  - 5. The system of claim 4, wherein the application agents of the at least one software application and the at least one secure token are executed via the security processor in the secure execution environment created by the memory module.
  - 6. The system of claim 5, wherein the at least one software application is executed via the external processor in the less secure environment outside of the memory module.
  - 7. The system of claim 2, wherein the at least one secure token utilizes a secret key, such that a new authentication code is generated at specific time intervals based on a built-in clock.
  - 8. The system of claim 2, wherein the at least one secure token is used in combination with a one-time password list, the one-time password list is stored securely within the non-volatile memory component.
  - 9. The system of claim 2, wherein the external processor and a server are mutually authenticated with the at least one non-volatile memory component via shared key authentication or public key infrastructure (PKI) authentication.
  - 10. The system of claim 9, wherein after the external processor and the at least one non-volatile memory component are mutually authenticated, the at least one secure token is transmitted via a secure channel communication established between the at least one non-volatile memory component and the external processor.
  - 11. The system of claim 9, wherein after the server and the at least one non-volatile memory component are mutually authenticated, the at least one secure token is transmitted via a secure channel communication established between the at least one non-volatile memory component and the server.
  - 12. The system of claim 1, wherein the mobile device comprises one of a multimedia player, a Personal Digital Assistant (PDA), a cellular phone, and a hand held computing device.

13. A method of integrating secure token generation capabilities into a mobile device, comprising:
- providing a security processor that communicates with an external processor;
  
  creating a secure execution environment via integrating the security processor with at least one non-volatile memory component;
  
  storing at least one software application, application agents of the at least one software application, and at least one secure token in the at least one non-volatile memory component;
  
  executing the application agents of the at least one software application and the at least one secure token in the secure execution environment; and
  
  managing generation, authentication, and transmission of the at least one secure token.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13, further comprising integrating the at least one non-volatile memory component, the security processor and the external processor to form the mobile device, wherein the at least one non-volatile memory component and the security processor are embedded in the mobile device.
  - 15. The method of claim 13, further comprising:
    - mutually authenticating the at least one non-volatile memory component and the external processor; and
      
      establishing a secure channel communication between the at least one non-volatile memory component and the external processor for transmitting the at least one secure token.
  - 16. The method of claim 13, further comprising:
    - mutually authenticating the at least one non-volatile memory component and a server; and
      
      establishing a secure channel communication between the at least one non-volatile memory component and the server for transmitting the at least one secure token.
  - 17. The method of claim 13, wherein the at least one secure token utilizes a secret key, such that a new authentication code is generated at specific time intervals based on a built-in clock.
  - 18. The method of claim 13, wherein the at least one secure token is used in combination with a one-time password list, the one-time password list is stored securely within the at least one non-volatile memory component.
  - 19. The method of claim 13, further comprising providing volatile memory, such as random access memory (RAM), used for the temporary data and code storage needs of the external processor.

20. A system that integrates secure token generation capabilities into a mobile device, comprising:
- means for providing a security processor that communicates with an external processor;
  
  means for creating a secure execution environment via integrating the security processor with at least one flash memory component;
  
  means for storing at least one software application, application agents of the at least one software application and at least one secure token in separate partitions of the at least one flash memory component;
  
  means for executing the application agents of the at least one software application and the at least one secure token in the secure execution environment;
  
  means for mutually authenticating the at least one flash memory component and the external processor; and
  
  means for establishing a secure channel communication between the at least one flash memory component and the external processor for transmitting the at least one secure token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cypress Semiconductor Corporation (Infineon Technologies AG)
Original Assignee
Spansion LLC (Infineon Technologies AG)
Inventors
Werner, Jeremy, Barck, Russell

Granted Patent

US 8,261,091 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/72 in cryptographic circuits

SOLID-STATE MEMORY-BASED GENERATION AND HANDLING OF SECURITY AUTHENTICATION TOKENS

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SOLID-STATE MEMORY-BASED GENERATION AND HANDLING OF SECURITY AUTHENTICATION TOKENS

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links